BloodHound API (v2)

Download OpenAPI specification:Download

This is the API that drives BloodHound Enterprise and Community Edition. Endpoint availability is denoted using the Community and Enterprise tags.

Contact information listed is for BloodHound Enterprise customers. To get help with BloodHound Community Edition, please join our Slack community.

Authentication

The BloodHound API supports two kinds of authentication: JWT bearer tokens and Signed Requests. For quick tests or one-time calls, the JWT used by your browser may be the simplest route. For more secure and long lived API integrations, the recommended option is signed requests.

JWT Bearer Token

The API will accept calls using the following header structure in the HTTP request:

Authorization: Bearer $JWT_TOKEN

If you open the Network tab within your browser, you will see calls against the API made utilizing this structure. JWT bearer tokens are supported by the BloodHound API, however it is recommended they only be used for temporary access. JWT tokens expire after a set amount of time and require re-authentication using secret credentials.

Signed Requests

Signed requests are the recommended form of authentication for the BloodHound API. Not only are signed requests better for long lived integrations, they also provide more security for the requests being sent. They provide authentication of the client, as well as verification of request integrity when received by the server.

Signed requests consist of three main parts: The client token ID, the request timestamp, and a base64 encoded HMAC signature. These three pieces of information are sent with the request using the following header structure:

Authorization: bhesignature $TOKEN_ID
RequestDate: $RFC3339_DATETIME
Signature: $BASE64ENCODED_HMAC_SIGNATURE

To use signed requests, you will need to generate an API token. Each API token generated in the BloodHound API comes with two parts: The Token ID, which is used in the Authorization header, and the Token Key, which is used as part of the HMAC hashing process. The token ID should be considered as public (like a username) and the token key should be considered secret (like a password). Once an API token is generated, you can use the key to sign requests.

For more documentation about how to work with authentication in the API, including examples of how to generate an API token in the BloodHound UI, please refer to this support doc: Working with the BloodHound API.

Signed Request Pseudo-code Example

First, a digest is initiated with HMAC-SHA-256 using the token key as the digest key:

digester = hmac.new(sha256, api_token_key)

OperationKey is the first HMAC digest link in the signature chain. This prevents replay attacks that seek to modify the request method or URI. It is composed of concatenating the request method and the request URI with no delimiter and computing the HMAC digest using the token key as the digest secret:

# Example: GET /api/v2/test/resource HTTP/1.1
# Signature Component: GET/api/v2/test/resource
digester.write(request_method + request_uri)

# Update the digester for further chaining
digester = hmac.New(sha256, digester.hash())

DateKey is the next HMAC digest link in the signature chain. This encodes the RFC3339 formatted datetime value as part of the signature to the hour to prevent replay attacks that are older than max two hours. This value is added to the signature chain by cutting off all values from the RFC3339 formatted datetime from the hours value forward:

# Example: 2020-12-01T23:59:60Z
# Signature Component: 2020-12-01T23
request_datetime = date.now()
digester.write(request_datetime[:13])

# Update the digester for further chaining
digester = hmac.New(sha256, digester.hash())

Body signing is the last HMAC digest link in the signature chain. This encodes the request body as part of the signature to prevent replay attacks that seek to modify the payload of a signed request. In the case where there is no body content the HMAC digest is computed anyway, simply with no values written to the digester:

if request.body is not empty:
  digester.write(request.body)

Finally, base64 encode the final hash and write the three required headers before sending the request:

encoded_hash = base64_encode(digester.hash())
request.header.write('Authorization', 'bhesignature ' + token_id)
request.header.write('RequestDate', request_datetime)
request.header.write('Signature', encoded_hash)

Auth

Login to BloodHound

Login to BloodHound with user credentials or a one time password.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for logging into the application. secret or otp is required, but not both.

login_method
required
string
Value: "secret"

The type of login. Currently only secret is supported.

username
required
string
secret
string

The password for the user. This field can be used instead of otp.

otp
string

The One Time Password for a single login. This field can be used instead of secret

Responses

Request samples

Content type
application/json
{
  • "login_method": "secret",
  • "username": "cool_user@bloodhoundenterprise.io",
  • "secret": "MySup3rS3cr3tPassw0rd!!!"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Logout of BloodHound

Logout of BloodHound and delete the user session JWT.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Get self

Get the currently authenticated requester details. For Community, this will only ever be valid for users. In Enterprise, this could be either a BloodHound user or a client (collector).

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

List SAML Providers

List all registered SAML providers.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get all SAML sign on endpoints

Get all SAML sign on endpoints

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Create a New SAML Provider from Metadata

Creates a new SAML provider with the given name and metadata XML.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
Request Body schema: multipart/form-data
required
name
string

Name of the new SAML provider.

metadata
string <binary>

Metadata XML file.

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get SAML Provider

Get the service and identity provider configuration details for a SAML authentication provider.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
saml_provider_id
required
integer <int32>

SAML Provider ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Roles

List Roles

List all authorization roles.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are name, description, id, created_at, updated_at, deleted_at.

name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Role

Gets an authorization role's details.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
role_id
required
integer <int32>

ID of the role record to retrieve info for.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Permissions

List Permissions

List all authorization permissions.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are authority, name, id, created_at, updated_at, deleted_at.

authority
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Permission

Gets an authorization permission's details.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
permission_id
required
integer <int32>

ID of the permission record to retrieve details for.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

API Tokens

Create Token for User

Create a new token to use with request signing based authentication for a given user.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating an auth token

token_name
string
user_id
string <uuid>

Responses

Request samples

Content type
application/json
{
  • "token_name": "string",
  • "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Delete a User Token

Delete a request signing token for a given user.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
token_id
required
string <uuid>

ID of auth token to delete.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

BloodHound Users

List Users

Gets all BloodHound user details.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are first_name, last_name, email_address, principal_name, last_login, created_at, updated_at, deleted_at.

first_name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

last_name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

email_address
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

principal_name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

id
string <uuid> (filter.uuid)

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

last_login
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Create a New User

Create a new BloodHound user.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating a user

first_name
string
last_name
string
email_address
string <email>
principal
string
roles
Array of integers <int32> [ items <int32 > ]
saml_provider_id
string
is_disabled
boolean
secret
string
needs_password_reset
boolean

Responses

Request samples

Content type
application/json
{
  • "first_name": "string",
  • "last_name": "string",
  • "email_address": "user@example.com",
  • "principal": "string",
  • "roles": [
    ],
  • "saml_provider_id": "string",
  • "is_disabled": true,
  • "secret": "string",
  • "needs_password_reset": true
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get a user

Get a BloodHound user's details.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Update a User

Update a BloodHound user's properties'.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for updating a user

first_name
string
last_name
string
email_address
string <email>
principal
string
roles
Array of integers <int32> [ items <int32 > ]
saml_provider_id
string
is_disabled
boolean

Responses

Request samples

Content type
application/json
{
  • "first_name": "string",
  • "last_name": "string",
  • "email_address": "user@example.com",
  • "principal": "string",
  • "roles": [
    ],
  • "saml_provider_id": "string",
  • "is_disabled": true
}

Response samples

Content type
text/plain
[this request has no response data]

Delete a User

Deletes an existing BloodHound user.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Create or Set User Secret

Create or set a user's secret to use as a login password.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating or setting a user secret

secret
string
needs_password_reset
boolean

Responses

Request samples

Content type
application/json
{
  • "secret": "string",
  • "needs_password_reset": true
}

Response samples

Content type
text/plain
[this request has no response data]

Expire User Secret

Expire a user's secret to use as a login password.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Enrolls user in multi-factor authentication

Enrolls user in multi-factor authentication

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for enrolling a user in multi-factor authentication

secret
string

Responses

Request samples

Content type
application/json
{
  • "secret": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Unenroll user from multi-factor authentication

Unenrolls user from multi-factor authentication

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for unenrolling a user from multi-factor authentication

secret
string

Responses

Request samples

Content type
application/json
{
  • "secret": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Returns MFA activation status for a user

Returns multi-factor authentication status for a user

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Activates MFA for an enrolled user

Activates multi-factor authentication for an enrolled user

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
user_id
required
string <uuid>

User ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for activating multi-factor authentication for an enrolled user

otp
string

Responses

Request samples

Content type
application/json
{
  • "otp": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Collectors

Get collector manifest

Retrieves the version manifest for a given collector

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
collector_type
required
string (client-type)
Enum: "sharphound" "azurehound"

Collector type

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get collector download by version

Retrieves the download for a given collector with given version

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
collector_type
required
string (client-type)
Enum: "sharphound" "azurehound"

Collector type

release_tag
required
string

Release tag (semver or "latest")

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/octet-stream
[this request has a binary response]

Get collector checksum by version

Retrieves the checksum file for a given collector with given version

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
collector_type
required
string (client-type)
Enum: "sharphound" "azurehound"

Collector type

release_tag
required
string

Release tag (semver or "latest")

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/octet-stream
[this request has a binary response]

Collection Uploads

List File Upload Jobs

Lists available file upload jobs

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are user_email_address, status, status_message, start_time, end_time, last_ingest, id, created_at, updated_at, and deleted_at.

user_id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

user_email_address
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

status
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

status_message
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

start_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

end_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

last_ingest
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "count": 0,
  • "skip": 0,
  • "limit": 0
}

Create File Upload Job

Creates a file upload job for sending collection files

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Upload File To Job

Saves a collection file to a file upload job

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
file_upload_job_id
required
integer <int64>

The ID for the file upload job.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json

The body of the file upload request.

object

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
text/plain
[this request has no response data]

End File Upload Job

End a file upload job

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
file_upload_job_id
required
integer <int64>

The ID for the file upload job.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

List accepted file upload types

List accepted file types for collection file uploads

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

API Info

Get API version

Returns the supported API versions.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get API Spec

Returns an Open API 3.0 compatible BloodHound API spec

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/x-yaml
openapi: 3.0.3
servers:
  - url: /
...[truncated example]

Search

Search for objects

Search for graph objects by name or object ID, filtered by type.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
q
required
string

Search parameter for the name or object ID of a node.

type
string

Node type. Some AD examples: Base, User, Computer, Group, Container. Some Azure examples: AZBase, AZApp, AZDevice.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

Get available domains

Gets available domains along with their collection status

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (filter.string)

Sortable columns are objectid, name.

objectid
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

collected
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

Audit

List audit logs

Returns a list of audit logs.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

sort_by
string (sort-by)

Sortable columns are id, actor_id, actor_name, actor_email, action, request_id, created_at, source, and status.

before
string <date-time>

Return logs created before the specified time. Value should be in the RFC-3339 format. If not supplied, this will default to the current time.

after
string <date-time>

Return logs created after the specified time. Value should be in the RFC-3339 format. If not supplied, this will default to 1 year before the current time.

id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

actor_id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

actor_name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

actor_email
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

action
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

request_id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

source
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

status
string (filter.string)

Filter results by column value. Valid filter predicates are eq, neq. Valid values are success and failure.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Config

List application config parameters

Lists application configuration parameters for this instance

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
parameter
string

Parameter filter. Must follow the convention: parameter=eq:value

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

List feature flags

Lists all feature flags for this instance

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

Toggle a feature flag's enabled status to either enable or disable it.

Writes application configuration parameters for this instance

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
feature_id
required
integer <int32>

Feature ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Asset Isolation

List all asset isolation groups

Lists all asset isolation groups.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are name, tag, and member_count.

name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

tag
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

system_group
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

member_count
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Create an asset group

Creates an asset group

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating an asset group

name
string
tag
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "tag": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get asset group by ID

Retrieve asset group by ID

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset group record to retrieve

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Update an asset group

Updates an asset group

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset group record to retrieve

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for updating an asset group.

name
string

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Delete an asset group

Deletes an asset group

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset group record to retrieve

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

List asset group collections

Returns all historical memberships if no URL params are specified.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset_group record to retrieve

query Parameters
sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. See parameter description for details about which columns are sortable.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

Update asset group selectors Deprecated

DEPRECATED use PUT instead. Updates asset group selectors.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset_group record to retrieve

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for updating asset group selectors

Array
selector_name
string
sid
string
action
string
Enum: "add" "remove"

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "data": {
    }
}

Update asset group selectors

Updates asset group selectors

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset_group record to retrieve

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for updating asset group selectors

Array
selector_name
string
sid
string
action
string
Enum: "add" "remove"

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "data": {
    }
}

Delete an asset group selector

Deletes an asset group selector

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset_group record to retrieve

asset_group_selector_id
required
integer <int32>

ID of the asset_group_selector record to retrieve

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Get asset group custom member count

Get asset group custom member count

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset_group record to retrieve

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "custom_member_count": 0
}

List all asset isolation group members

List all members of an asset isolation group.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset_group record to retrieve

query Parameters
skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

sort_by
string (sort-by)

Sortable columns are object_id, asset_group_id, primary_kind, environment_id, environment_kind, and name.

object_id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

primary_kind
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

environment_id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

environment_kind
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

custom_member
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "count": 0,
  • "skip": 0,
  • "limit": 0
}

List asset group member count by kind

List counts of members of an asset isolation group by primary kind.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

ID of the asset_group record to retrieve

query Parameters
object_id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

environment_id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

primary_kind
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

environment_kind
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

custom_member
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Graph

Get pathfinding result Deprecated

DEPRECATED use GetShortestPath instead. Get the result of pathfinding between two nodes in graph format.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
start_node
required
string

Start Node

end_node
required
string

End Node

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get search result

Get the result of searching a graph for a node by name

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
search_query
required
string

Search query

type
string
Enum: "fuzzy" "exact"

The type of search strategy to use. Default is fuzzy.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get the shortest path graph

A graph of the shortest path from start_node to end_node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
start_node
required
integer <int32>

The start node objectId

end_node
required
integer <int32>

The end node objectId

relationship_kinds
string (filter.contains) ^(in|nin):(\w+)(,\s*\w+)*$

The contains predicate checks a property against the values in a given comma separated list.

  • in checks if the property matches an element in the given comma separated list.
    • in:Contains,GetChangesAll,MemberOf
  • nin checks if the property does not match an element in the given comma separated list.
    • nin:LocalToComputer,MemberOfLocalGroup
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get path composition

Returns a graph representing the various nodes and edges that make up the complex post-processed edge.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
source_node
required
integer <int32>

The ID of the starting node.

target_node
required
integer <int32>

The ID of the ending node.

edge_type
required
string

The type of edge to show the composition for.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Azure Entities

Get Azure entity

Retrieves entity information for the given Azure object ID. If related_entity_type parameter is not set, this endpoint will return information about a single entity. Using the counts boolean parameter will further modify the response. If related_entity_type parameter is set, this endpoint will return information about entities related to a single entity. The type parameter will morph the response data structure. The list value for the type parameter also accepts skip and limit parameters.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
entity_type
required
string

Entity Type

query Parameters
object_id
required
string

The object ID of the entity being operated on.

counts
boolean

Returns related entity counts. Does not work with related_entity_type parameter.

related_entity_type
string

Flags the query to return related entity information based on the type passed.

type
string
Default: "list"
Enum: "list" "graph"

The type of return data expected. Only works with related_entity_type parameter.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination. Only compatible with related_entity_type and type=list

limit
integer >= 0
Default: 100

This query parameter is used for setting an upper limit of objects returned in paginated responses. Only compatible with related_entity_type and type=list

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "data": {
    }
}

AD Base Entities

Get entity info

Get basic info and counts for this node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get entity controllables

Get a list, graph, or count of the principals this node can control.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get entity controllers

Get a list, graph, or count of the principals that can control this node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Computers

Get computer entity info

Get info and counts for this computer node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get computer entity admin rights

Get a list, graph, or count of the systems this computer has admin rights to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity admins

Get a list, graph, or count of the principals that have admin rights on this computer.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity constrained delegation rights

Get a list, graph, or count of the principals that this computer has constrained delegations rights to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity constrained users

Get a list, graph, or count of the principals that have constrained delegation rights to this computer.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity controllables

Get a list, graph, or count of the principals this computer can control.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity controllers

Get a list, graph, or count of the principals that can control this computer.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity DCOM rights

Get a list, graph, or count of the systems this computer can execute DCOM on.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity DCOM users

Get a list, graph, or count of the principals that can execute DCOM on this computer.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity group membership

Get a list, graph, or count of the groups this computer is a member of.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity remote PowerShell rights

Get a list, graph, or count of the systems this computer has remote PowerShell rights on.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity remote PowerShell users

Get a list, graph, or count of the principals that have remote PowerShell rights on this computer.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity RDP rights

Get a list, graph, or count of the systems this computer can RDP to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity RDP users

Get a list, graph, or count of the principals that have RDP rights on this computer.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity sessions

Get a list, graph, or count of the principals with active sessions on this computer.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get computer entity SQL admins

Get a list, graph, or count of the principals that have SQL admin rights on this computer.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Containers

Get container entity info

Get basic info and counts for this container node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get container entity controllers

Get a list, graph, or count of the principals that can control this container.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Domains

Get domain entity info

Get basic info and counts for this domain node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Update the Domain entity

Updates the supported properties on the Domain entity.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json

The patch request body for updating Domain

collected
boolean

Responses

Request samples

Content type
application/json
{
  • "collected": true
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get domain entity computers

Get a list or count of the computers that belong to this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity controllers

Get a list, graph, or count of the principals that can control this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity DC Syncers

Get a list, graph, or count of the principals that can DC sync this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity foreign admins

Get a list, graph, or count of the principals outside of this domain that have admin rights on principals in this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity foreign GPO controllers

Get a list, graph, or count of the principals outside of this domain that can control GPOs inside this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity foregin groups

Get a list, graph, or count of the groups outside of this domain that are members of groups inside this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity foreign users

Get a list, graph, or count of the users outside of this domain that are members of groups inside this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity GPOs

Get a list or count of the GPOs in this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity groups

Get a list or count of the groups in this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity inbound trusts

Get a list, graph, or count of the inbound trusts for this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity linked GPOs

Get a list, graph, or count of the GPOs linked to this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity OUs

Get a list or count of the OUs in this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity outbound trusts

Get a list, graph, or count of the outbound trusts for this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get domain entity users

Get a list or count of the users in this domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

GPOs

Get GPO entity info

Get info and counts for this GPO node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get GPO entity computer

Get a list, graph, or count of the computers affected by this GPO.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get GPO entity controllers

Get a list, graph, or count of the principals that can control this OU.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get GPO entity OUs

Get a list, graph, or count of the OUs affected by this GPO.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get GPO entity tier-zero

Get a list, graph, or count of the tier-zero principals associated with this GPO.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get GPO entity users

Get a list, graph, or count of the users affected by this GPO.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

AIA CAs

Get AIA CA entity info

Get info and counts for this AIA CA node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get AIA CA entity controllers

Get a list, graph, or count of the principals that can control this AIA CA.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Root CAs

Get Root CA entity info

Get info and counts for this Root CA node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Root CA entity controllers

Get a list, graph, or count of the principals that can control this Root CA.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Enterprise CAs

Get Enterprise CA entity info

Get info and counts for this Enterprise CA node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Enterprise CA entity controllers

Get a list, graph, or count of the principals that can control this Enterprise CA.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

NT Auth Stores

Get NT Auth Store entity info

Get info and counts for this NT Auth Store node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get NT Auth Store entity controllers

Get a list, graph, or count of the principals that can control this NT Auth Store.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Cert Templates

Get Cert Template entity info

Get info and counts for this Cert Template node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Cert Template entity controllers

Get a list, graph, or count of the principals that can control this Cert Template.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

OUs

Get OU entity info

Get info and counts for this OU node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get OU entity computers

Get a list, graph, or count of the computers contained by this OU.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get OU entity GPOs

Get a list, graph, or count of the GPOs that affect this OU.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get OU entity groups

Get a list, graph, or count of the groups contained by this OU.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get OU entity users

Get a list, graph, or count of the users contained by this OU.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

AD Users

Get User entity info

Get info and counts for this User node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get User entity admin rights

Get a list, graph, or count of the systems this user has admin rights to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity constrained delegation rights

Get a list, graph, or count of the systems this user has constrained delegation rights to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity controllables

Get a list, graph, or count of the principals this user can control.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity controllers

Get a list, graph, or count of the principals that can control this User.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity DCOM rights

Get a list, graph, or count of the systems this user can execute DCOM on.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity membership

Get a list, graph, or count of the groups this user is a member of.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity PowerShell remote rights

Get a list, graph, or count of the systems this user can execute PowerShell remote on.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity RDP rights

Get a list, graph, or count of the systems this user has RDP rights to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity sessions

Get a list, graph, or count of the systems this user has an active session on.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get User entity SQL admin rights

Get a list, graph, or count of the systems this user has SQL admin rights to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Groups

Get Group entity info

Get info and counts for this Group node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
counts
boolean
Default: true

Include counts of related entities. Default value is true.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Group entity admin rights

Get a list, graph, or count of the systems this group has admin rights to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get Group entity controllables

Get a list, graph, or count of the principals this group can control.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get Group entity controllers

Get a list, graph, or count of the principals that can control this group.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get Group entity DCOMRights

Get a list, graph, or count of the systems this group can execute DCOM on.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get Group entity members

Get a list, graph, or count of the principals that are a member of this group.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get Group entity memberships

Get a list, graph, or count of the groups this group is a member of.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get Group entity PowerShell remote rights

Get a list, graph, or count of the systems this group can execute PowerShell remote on.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get Group entity RDP rights

Get a list, graph, or count of the systems this group can RDP to.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Get Group entity sessions

Get a list, graph, or count of the active sessions for users that belong to this group.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

query Parameters
skip
integer >= 0
Default: 0

The number of entries to skip for pagination. Only available for type=list.

limit
integer >= 0
Default: 10

The number of entries to limit in the response. Only available for type=list.

type
string
Default: "list"
Enum: "list" "graph" "count"

The type of return data requested. If no type is provided, query will default to list, but invalid types will result in a count query. Some entity query endpoints do not support the graph type.

sort_by
string (sort-by)

Sort by column. Can be used multiple times; prepend a hyphen for descending order. Columns available for sorting are dependent on the entity object kind.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
Example
{
  • "property1": {
    },
  • "property2": {
    }
}

Data Quality

Get database completeness stats

Get the percentage of local admins and sessions collected

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get AD domain data quality stats

Time series list of data quality stats for a given AD domain

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
domain_id
required
string

Domain ID

query Parameters
sort_by
string (sort-by)

Sortable columns are created_at, updated_at.

start
string <date-time>

Beginning datetime of range (inclusive) in RFC-3339 format; Defaults to current datetime minus 30 days

end
string <date-time>

Ending datetime of range (exclusive) in RFC-3339 format; Defaults to current datetime

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "start": "2019-08-24T14:15:22Z",
  • "end": "2019-08-24T14:15:22Z",
  • "data": [
    ]
}

Get Azure tenant data quality stats

Time series list of data quality stats for a given Azure tenant

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
tenant_id
required
string

Tenant ID

query Parameters
sort_by
string (sort-by)

Sortable columns are created_at, updated_at.

start
string <date-time>

Beginning datetime of range (inclusive) in RFC-3339 format; Defaults to current datetime minus 30 days

end
string <date-time>

Ending datetime of range (exclusive) in RFC-3339 format; Defaults to current datetime

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "start": "2019-08-24T14:15:22Z",
  • "end": "2019-08-24T14:15:22Z",
  • "data": [
    ]
}

Get platform data quality aggregate

Time series list of aggregate data quality stats for a given platform

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
platform_id
required
string
Enum: "ad" "azure"

Platform ID

query Parameters
sort_by
string (sort-by)

Sortable columns are created_at, updated_at.

start
string <date-time>

Beginning datetime of range (inclusive) in RFC-3339 format; Defaults to current datetime minus 30 days

end
string <date-time>

Ending datetime of range (exclusive) in RFC-3339 format; Defaults to current datetime

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "start": "2019-08-24T14:15:22Z",
  • "end": "2019-08-24T14:15:22Z",
  • "data": [
    ]
}

Datapipe

Get datapipe status

Gets the current status of the datapipe

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Start analysis

Flags the API to begin analyzing ingest data.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Cypher

List saved queries

Get all saved queries for the current user

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

sort_by
string (sort-by)

Sortable columns are user_id, name, query, id, created_at, updated_at, deleted_at.

name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

query
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

user_id
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "count": 0,
  • "skip": 0,
  • "limit": 0
}

Create a saved query

Create a new saved query

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating a saved query

name
string
query
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "query": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Delete a saved query

Delete an existing saved query by ID

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
saved_query_id
required
integer <int32>

ID of the saved query

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Run a cypher query

Runs a manual cypher query directly against the database

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
query
string
include_properties
boolean

Responses

Request samples

Content type
application/json
{
  • "query": "string",
  • "include_properties": true
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

EULA

Accept EULA

Accept BloodHound Enterprise EULA for logged in user (EULA applies to BHE customers only).

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Analysis

Get latest tier zero combo node

Get latest tier zero combo node

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
domain_id
required
string

Domain ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get the graph for meta tree

Gets meta nodes and connecting edges

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
domain_id
required
string

Domain ID

query Parameters
node_id
integer <int64>

Node ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get the combo tree for an asset group Deprecated

Gets the combo tree for an asset group

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
asset_group_id
required
integer <int32>

Asset Group Object ID

query Parameters
domainsid
string

Filter by Domain security identifier.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Client Ingest

Endpoint for data ingestion

Ingests data from collector clients

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Clients

List Clients

Lists available clients for processing collection events.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

hydrate_domains
boolean
Default: true

When a value of true is passed, any Domains associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same Domains will only return as a list of objectids.

hydrate_ous
boolean
Default: true

When a value of true is passed, any OUs associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same OUs will only return as a list of objectids.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

sort_by
string (sort-by)

Sortable columns are name, ip_address, hostname, configured_user, last_checkin, completed_job_count, created_at, updated_at, deleted_at.

name
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

ip_address
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

hostname
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

configured_user
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

version
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

user_sid
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

last_checkin
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

current_job_id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

completed_job_count
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

domain_controller
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

id
string <uuid> (filter.uuid)

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "data": [
    ]
}

Create Client

Creates a client for collection events

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating a client

name
string
domain_controller
string
type
string (client-type)
Enum: "sharphound" "azurehound"

This enum describes the collector client type.

Array of objects (client-schedule)

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "domain_controller": "string",
  • "type": "sharphound",
  • "events": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Client Error

Endpoint for clients to log enumeration errors.

Note: caller must be a client. For users, this endpoint will return a 404 as they are not expected or allowed to call this endpoint.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for logging a client enumeration error

task_error
string
object

Responses

Request samples

Content type
application/json
{
  • "task_error": "string",
  • "additional": {
    }
}

Response samples

Content type
text/plain
[this request has no response data]

Update Client Values

Endpoint for clients to update their own information at startup.

Note: caller must be a client. For users, this endpoint will return a 404 as they are not expected or allowed to call this endpoint.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for updating a client

address
string
hostname
string
username
string
version
string
usersid
string

Responses

Request samples

Content type
application/json
{
  • "address": "string",
  • "hostname": "string",
  • "username": "string",
  • "version": "string",
  • "usersid": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Client

Gets given client for processing collection events

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
client_id
required
string <uuid>

Client ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Update Client

Update a client for processing collection events

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
client_id
required
string <uuid>

Client ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for updating a client

name
string
domain_controller
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "domain_controller": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Delete Client

Delete a client for processing collection events

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
client_id
required
string <uuid>

Client ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Regenerate the authentication token for a client

Regenerate the authentication token for a client

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
client_id
required
string <uuid>

Client ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

List all completed tasks for a client Deprecated

List all completed tasks for a client

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
client_id
required
string <uuid>

Client ID

query Parameters
created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

hydrate_domains
boolean
Default: true

When a value of true is passed, any Domains associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same Domains will only return as a list of objectids.

hydrate_ous
boolean
Default: true

When a value of true is passed, any OUs associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same OUs will only return as a list of objectids.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

sort_by
string (sort-by)

Sortable columns are event_id, execution_time, status, start_time, end_time, log_path, domain_controller, event_title, last_ingest, id, created_at, updated_at, deleted_at.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

log_path
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

session_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

local_group_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

cert_services_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ca_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

dc_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ad_structure_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

domain_controller
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

status
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

event_title
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

client_id
string <uuid> (filter.uuid)

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

event_id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

execution_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

start_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

end_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

last_ingest
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "data": [
    ]
}

List all completed jobs for a client

List all completed jobs for a client

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
client_id
required
string <uuid>

Client ID

query Parameters
created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

hydrate_domains
boolean
Default: true

When a value of true is passed, any Domains associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same Domains will only return as a list of objectids.

hydrate_ous
boolean
Default: true

When a value of true is passed, any OUs associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same OUs will only return as a list of objectids.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

sort_by
string (sort-by)

Sortable columns are event_id, execution_time, status, start_time, end_time, log_path, domain_controller, event_title, last_ingest, id, created_at, updated_at, deleted_at.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

log_path
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

session_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

local_group_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

cert_services_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ca_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

dc_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ad_structure_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

domain_controller
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

status
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

event_title
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

client_id
string <uuid> (filter.uuid)

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

event_id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

execution_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

start_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

end_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

last_ingest
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "data": [
    ]
}

Creates a scheduled task Deprecated

Creates a new scheduled task

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
client_id
required
string <uuid>

Client ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating a scheduled task

session_collection
boolean
local_group_collection
boolean
ad_structure_collection
boolean
cert_services_collection
boolean
ca_registry_collection
boolean
dc_registry_collection
boolean
all_trusted_domains
boolean
object (string)

Responses

Request samples

Content type
application/json
{
  • "session_collection": true,
  • "local_group_collection": true,
  • "ad_structure_collection": true,
  • "cert_services_collection": true,
  • "ca_registry_collection": true,
  • "dc_registry_collection": true,
  • "all_trusted_domains": true,
  • "domain_controller": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Creates a scheduled job

Creates a new scheduled job

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
client_id
required
string <uuid>

Client ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating a scheduled job

session_collection
boolean
local_group_collection
boolean
ad_structure_collection
boolean
cert_services_collection
boolean
ca_registry_collection
boolean
dc_registry_collection
boolean
all_trusted_domains
boolean
object (string)

Responses

Request samples

Content type
application/json
{
  • "session_collection": true,
  • "local_group_collection": true,
  • "ad_structure_collection": true,
  • "cert_services_collection": true,
  • "ca_registry_collection": true,
  • "dc_registry_collection": true,
  • "all_trusted_domains": true,
  • "domain_controller": {
    }
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Jobs

List available client jobs

Endpoint for clients to get next available jobs.

Note: caller must be a client. For users, this endpoint will return a 404 as they are not expected or allowed to call this endpoint.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are event_id, execution_time, status, start_time, end_time, log_path, domain_controller, event_title, last_ingest, id, created_at, updated_at, and deleted_at.

log_path
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

session_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

local_group_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

cert_services_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ca_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

dc_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ad_structure_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

domain_controller
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

status
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

event_title
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

client_id
string <uuid> (filter.uuid)

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

event_id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

execution_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

start_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

end_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

last_ingest
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

hydrate_ous
boolean
Default: true

When a value of true is passed, any OUs associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same OUs will only return as a list of objectids.

hydrate_domains
boolean
Default: true

When a value of true is passed, any Domains associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same Domains will only return as a list of objectids.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

List finished jobs

Gets all finished jobs

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are client_name, event_id, execution_time, status, start_time, end_time, log_path, domain_controller, event_title, last_ingest, id, created_at, updated_at, deleted_at.

log_path
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

session_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

local_group_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

cert_services_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ca_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

dc_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ad_structure_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

domain_controller
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

status
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

event_title
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

client_id
string <uuid> (filter.uuid)

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

event_id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

execution_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

start_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

end_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

last_ingest
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

hydrate_domains
boolean
Default: true

When a value of true is passed, any Domains associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same Domains will only return as a list of objectids.

hydrate_ous
boolean
Default: true

When a value of true is passed, any OUs associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same OUs will only return as a list of objectids.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "data": [
    ]
}

Get jobs

Gets client jobs

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are client_name, event_id, execution_time, status, start_time, end_time, log_path, domain_controller, event_title, last_ingest, id, created_at, updated_at, deleted_at.

log_path
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

session_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

local_group_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

cert_services_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ca_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

dc_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ad_structure_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

domain_controller
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

status
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

event_title
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

client_id
string <uuid> (filter.uuid)

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

event_id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

execution_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

start_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

end_time
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

last_ingest
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

Get client current job

Gets the current job for the authenticated client.

Note: caller must be a client. For users, this endpoint will return a 404 as they are not expected or allowed to call this endpoint.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Notifies the API of a job start

Endpoint for clients to start a new job and mark the start time.

Note: caller must be a client. For users, this endpoint will return a 404 as they are not expected or allowed to call this endpoint.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
id
integer <int64>

Responses

Request samples

Content type
application/json
{
  • "id": 0
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Notifies the API of a job ending

Endpoint for clients to end a job and mark the end time.

Note: caller must be a client. For users, this endpoint will return a 404 as they are not expected or allowed to call this endpoint.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get client job

Gets client job

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
job_id
required
integer <int64>

Job ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Cancels a scheduled job

Cancels a scheduled job

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
job_id
required
integer <int64>

Job ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Job Log File

Get the log file from a SharpHound run

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
job_id
required
integer <int64>

Job ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Events (Schedules)

List events

Gets all client scheduled events.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are next_scheduled_at, id, created_at, updated_at, deleted_at.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

rrule
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

next_scheduled_at
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

client_id
string <uuid> (filter.uuid)

Filter results by column string-formatted uuid value. Valid filter predicates are eq, neq.

session_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

local_group_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ad_structure_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

cert_services_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

ca_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

dc_registry_collection
boolean (filter.boolean)

Filter results by column boolean value. Valid filter predicates are eq, neq.

hydrate_domains
boolean
Default: true

When a value of true is passed, any Domains associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same Domains will only return as a list of objectids.

hydrate_ous
boolean
Default: true

When a value of true is passed, any OUs associated with scheduled and finished jobs for each client will have expanded properties including name and type. When a value of false is passed, these same OUs will only return as a list of objectids.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "data": [
    ]
}

Create Event

Creates a scheduled event for data collection

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for creating an event

rrule
string
session_collection
boolean
local_group_collection
boolean
ad_structure_collection
boolean
cert_services_collection
boolean
ca_registry_collection
boolean
dc_registry_collection
boolean
all_trusted_domains
boolean
ous
Array of strings
domains
Array of strings

Responses

Request samples

Content type
application/json
{
  • "rrule": "string",
  • "session_collection": true,
  • "local_group_collection": true,
  • "ad_structure_collection": true,
  • "cert_services_collection": true,
  • "ca_registry_collection": true,
  • "dc_registry_collection": true,
  • "all_trusted_domains": true,
  • "ous": [
    ],
  • "domains": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Get Event

Gets a scheduled job event by ID.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
event_id
required
integer <int32>

Event ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}

Update Event

Updates a scheduled event

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
event_id
required
integer <int32>

Event ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for updating an event

rrule
string
session_collection
boolean
local_group_collection
boolean
ad_structure_collection
boolean
cert_services_collection
boolean
ca_registry_collection
boolean
dc_registry_collection
boolean
all_trusted_domains
boolean
ous
Array of strings
domains
Array of strings

Responses

Request samples

Content type
application/json
{
  • "rrule": "string",
  • "session_collection": true,
  • "local_group_collection": true,
  • "ad_structure_collection": true,
  • "cert_services_collection": true,
  • "ca_registry_collection": true,
  • "dc_registry_collection": true,
  • "all_trusted_domains": true,
  • "ous": [
    ],
  • "domains": [
    ]
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Delete Event

Deletes a scheduled event and associated tasks by id

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
event_id
required
integer <int32>

Event ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

Attack Paths

Export attack path findings

Export the finding table for a given attack path

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
domain_id
required
string

Domain ID

query Parameters
finding
required
string

Finding Type

filterAccepted
string (risk-acceptance)
Enum: "accepted" "unaccepted" "all" ""

Risk acceptance filter

sort_by
string (sort-by)

Sort by column. The only sortable column is finding.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/csv
header1,header2,header3
cell1,cell2,cell3
cell4,cell5,cell6
...

List all attack path types

Lists all possible attack path types

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sort by column. The only sortable column is finding.

finding
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

Start analysis

Starts generating attack paths

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
text/plain
[this request has no response data]

List available attack paths

Lists available attack path types for a domain

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
domain_id
required
string

Domain ID

query Parameters
sort_by
string (sort-by)

Sort by column. The only sortable column is finding.

finding
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": [
    ]
}

List domain attack paths details

Lists detailed data about attack paths for a domain.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
domain_id
required
string

Domain ID

query Parameters
finding
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

sort_by
string (sort-by)

Sortable columns are domain_sid, index, AcceptedUntil, id, created_at, updated_at, deleted_at. Relationship risks can be sorted on FromPrincipal and ToPrincipal in addition to the sortable columns for List Risks.

FromPrincipal
string (filter.string)
Deprecated

Filter results by column string value. Valid filter predicates are eq, neq.

ToPrincipal
string (filter.string)
Deprecated

Filter results by column string value. Valid filter predicates are eq, neq.

from_principal
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

to_principal
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

principals_hash
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

Accepted
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

AcceptedUntil
string <date-time> (filter.time)
Deprecated

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

accepted_until
string <date-time> (filter.time)

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Principal
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

Finding
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

domain_sid
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

created_at
string <date-time> (filter.time)

Filter results by created_at value. See filter schema details for valid predicates.

updated_at
string <date-time> (filter.time)

Filter results by updated_at value. See filter schema details for valid predicates.

deleted_at
string <date-time> (filter.time)

Filter results by deleted_at value. See filter schema details for valid predicates.

skip
integer (skip) >= 0

This query parameter is used for determining the number of objects to skip in pagination.

limit
integer (limit) >= 0

This query parameter is used for setting an upper limit of objects returned in paginated responses.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "data": [
    ]
}

List attack path sparkline values

List the values that represent the sparklines for individual attack paths

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
domain_id
required
string

Domain ID

query Parameters
sort_by
string (sort-by)

Sortable columns are CompositeRisk, FindingCount, ImpactedAssetCount, domain_sid, id, created_at, updated_at, deleted_at.

finding
required
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

from
string <date-time> (filter.time)

Beginning datetime of range (inclusive) in RFC-3339 format; Defaults to current datetime minus 30 days

to
string <date-time> (filter.time)

Ending datetime of range (exclusive) in RFC-3339 format; Defaults to current datetime

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "start": "2019-08-24T14:15:22Z",
  • "end": "2019-08-24T14:15:22Z",
  • "data": [
    ]
}

Update attack path risk

Updates an attack path as an accepted or unaccepted risk until a given time.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
attack_path_id
required
integer <int64>

Attack Path ID

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Request Body schema: application/json
required

The request body for updating risk acceptance

risk_type
string
accept_until
string <date-time>
accepted
boolean

Responses

Request samples

Content type
application/json
{
  • "risk_type": "string",
  • "accept_until": "2019-08-24T14:15:22Z",
  • "accepted": true
}

Response samples

Content type
application/json
{
  • "data": {
    }
}

Risk Posture

Get Posture Statistics

Gets the history of database stats saved in the database

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
query Parameters
sort_by
string (sort-by)

Sortable columns are domain_sid, exposure_index, tier_zero_count, critical_risk_count, id, created_at, updated_at, deleted_at.

from
string <date-time>
Deprecated

Lower bound for created_at; to return posture stats starting at a specific date/time

to
string <date-time>
Deprecated

Upper bound for created_at; to return posture stats upto a specific date/time

domain_sid
string (filter.string)

Filter results by column string value. Valid filter predicates are eq, neq.

exposure_index
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

tier_zero_count
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

critical_risk_count
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

id
integer (filter.integer)

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "count": 0,
  • "skip": 0,
  • "limit": 0,
  • "start": "2019-08-24T14:15:22Z",
  • "end": "2019-08-24T14:15:22Z",
  • "data": [
    ]
}

Meta Entities

Get Meta entity info

Get info and counts for this Meta node.

Authorizations:
JWTBearerToken(SignedRequestRequestDateHMACSignature)
path Parameters
object_id
required
string (object-id)

The object id of the entity being operated on.

header Parameters
Prefer
integer [ 0 .. 60 ]
Default: 30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. The default timeout is 30 seconds and maximum timeout is 60 seconds

Responses

Response samples

Content type
application/json
{
  • "data": {
    }
}